The breach may have impacted hundreds of millions of people. State prosecutors across the US are demanding civil penalties. No wonder National Public Data, a company responsible for a massive leak of Social Security numbers, has filed for bankruptcy.
The cybersecurity world was shocked when a threat actor posted a database stolen from National Public Data (NPD), a background check and the personal lookup company, on the illicit web marketplace BreachForums in the summer.
The data included Social Security numbers, full names, addresses, phones, and other personal data. The full database is 277GB large and contains 2.7 billion records.
Soon, NPD confirmed the incident and the potential fallout. But now, after the victims whose details were leaked filed a class-action lawsuit accusing the firm of negligence, unjust enrichment, and other violations, the company is calling it quits.
According to court documents, NPD filed for bankruptcy last week in the face of a wave of lawsuits demanding that its parent company, Jericho Pictures, pay significant damages.
The filings reveal that the company calculates it’ll need to notify and pay for credit monitoring “for hundreds of millions of potentially impacted individuals.”
That’s because the threat actor stole a trove of data containing 272 million unique Social Security numbers and 600 million phone numbers from US residents.
“The enterprise cannot generate sufficient revenue to address the extensive potential liabilities, not to mention, defend the lawsuits and support the investigations,” said the court documents.
They also reveal that attorneys general from more than 20 different states are demanding NPD pay civil penalties for allowing the breach to occur. The US Federal Trade Commission is also scrutinizing the incident.
The bankruptcy filing is probably meant to help NPD manage the onslaught of lawsuits. Indeed, it might help – due to the filing, that the first class-action lawsuit filed against Jericho Pictures has been temporarily stayed by a court in Florida.
According to researchers, malicious actors seeking financial gain can still use the data to carry out a wide range of attacks, such as identity theft or phishing. Some examples include impersonating tax authorities or relatives and investment scams.
Your email address will not be published. Required fields are markedmarked